For example, if the disclosed information contains personally identifiable information (PII) such as Social Security numbers or credit card details, the severity of the vulnerability should be rated critical. This is a very common vulnerability in APIs, and its severity is determined by the information that is disclosed as a result of it.

It arises because the appropriate authorization is not in place on that specific endpoint. In other words, the vulnerability allows an attacker to access resources that he has no authorization to access.

In this vulnerability, an attacker replaces the ID of his own resource with another user's resource ID at the time of the API call and, as a result of improper authorization, accesses that user's resources without being authorized to do so. This vulnerability can also be thought of as an Insecure Direct Object Reference, or IDOR.
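As an added example (not code from the original page), the following Python simulates the missing check described above: a handler that returns any object by ID beside one that enforces ownership on every object access, plus a defender-side scan of access records for cross-user reads. The in-memory store, the order data, the handler names and the status codes are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Order:
    order_id: int
    owner_id: int
    card_last4: str  # constructed sample data; treated as sensitive

# Constructed in-memory data store keyed by order id (assumption, not a real API).
ORDERS = {
    1001: Order(1001, owner_id=7, card_last4="4242"),
    1002: Order(1002, owner_id=8, card_last4="1111"),
}

def get_order_vulnerable(caller_user_id: int, order_id: int) -> dict:
    """Broken object-level authorization: the caller is authenticated, but the
    handler trusts the order_id from the request and never checks ownership."""
    order = ORDERS.get(order_id)
    if order is None:
        return {"status": 404}
    return {"status": 200, "card_last4": order.card_last4}

def get_order_fixed(caller_user_id: int, order_id: int) -> dict:
    """Hardened form: caller identity comes from the session, not the request,
    and ownership is enforced on every object access. A foreign object gets the
    same 404 as a missing one, so the response does not confirm that the id exists."""
    order = ORDERS.get(order_id)
    if order is None or order.owner_id != caller_user_id:
        return {"status": 404}
    return {"status": 200, "card_last4": order.card_last4}

def find_cross_user_reads(access_log: list[tuple[int, int, int]]) -> list[tuple[int, int]]:
    """Detection helper: given constructed (caller_user_id, order_id, status)
    records, return every successful read of an object the caller does not own.
    A non-empty result on production logs is the signal that object-level
    authorization is missing or being probed."""
    hits = []
    for caller, order_id, status in access_log:
        order = ORDERS.get(order_id)
        if status == 200 and order is not None and order.owner_id != caller:
            hits.append((caller, order_id))
    return hits

if __name__ == "__main__":
    # User 7 asks for user 8's order: the vulnerable handler leaks it, the fixed one does not.
    print(get_order_vulnerable(7, 1002))  # {'status': 200, 'card_last4': '1111'}
    print(get_order_fixed(7, 1002))       # {'status': 404}
    print(find_cross_user_reads([(7, 1001, 200), (7, 1002, 200), (8, 1002, 200)]))
```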